commit 68a85e24fc27944712170f572668c4a9ad694e3d
author Ryan Everett <ryan.everett@arm.com> Thu Nov 16 16:44:13 2023 +0000
committer Ryan Everett <ryan.everett@arm.com> Thu Nov 16 16:44:13 2023 +0000
tree e248853a732086e229e0886a8616fb66235a3e0a
parent e44be6a7d3d31f3fac1a74b262b395984d193b05

Fix secure element key error handling

Signed-off-by: Ryan Everett <ryan.everett@arm.com>

ChangeLog.d/fix-secure-element-key-creation.txt

diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
new file mode 100644
index 0000000..23a46c0
--- /dev/null
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Fix error handling when creating a key in a dynamic secure element
+     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+     the creation could return PSA_SUCCESS but using or destroying the key
+     would not work. Fixes #8537.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 533ded6..ae35efc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1710,6 +1710,9 @@
 
         status = psa_copy_key_material_into_slot(
             slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+        if (status != PSA_SUCCESS) {
+                return status;
+        }
     }
 
     if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {